module.exports = function(app, db, ddaBaseURL, request, authUtil, ObjectID) {
	var usersCollection = db.collection('users');
	var rateKeysCollection = db.collection('rateKeys');
	// REST API

	app.get('/api/users', authUtil.isAdmin, function(req, res) {
		usersCollection.find({}).toArray(function(err, results) {
			if (err)
				res.json({"status": "ERROR", "msg": "Oops, there was an error"});
			else
				res.json(results); // return all users in JSON format
		});
	});

	app.post('/api/user/add', authUtil.isAdmin, function(req, res) {
		var newUser = req.body;
		console.log(newUser);
		usersCollection.insert([
			{
				"email": newUser.email,
				"password": authUtil.generateHash(newUser.password),
				"role": newUser.role,
				"createdDate": new Date()
			}
		], function(err, result) {
			if(err)
				res.json({"status": "ERROR", "msg": "Oops, there was an error"});
			res.json(result);
		});
	});

	app.post('/api/user/delete', authUtil.isAdmin, function(req, res) {
		var newUser = req.body;
		usersCollection.remove(
			{
				"email": newUser.email,
				"password": newUser.password
			}
			, function(err, result) {
				if(err){
					res.json({"status": "ERROR", "msg": "Oops, there was an error"});
				}
				//return 1 as string
				res.json(result);
			});
	});

	app.post('/api/user/update', authUtil.isAdmin, function(req, res) {
		var updatedUser = req.body;
		var query = { "_id": ObjectID(updatedUser._id)};
		usersCollection.update(query,
			{   $set:
				{
					"email": updatedUser.email,
					"password": updatedUser.password
				}
			}, function(err, result) {
				if(err)
					res.json({"status": "ERROR", "msg": "Oops, there was an error"});
				res.json(result);
			});
	});

	app.post('/api/user/changePassword', authUtil.isLoggedIn, function(req, res) {
		var updatedUser = req.body;
		var oldHashedPwd = "";
		usersCollection.findOne({email: req.user.email}, function(err, result){
			if (err){
				res.json({"status": "ERROR", "msg": "Oops, there was an error"});
			} else {
				oldHashedPwd = result.password;
				if (authUtil.compareHashedPassword(req.body.oldPassword, oldHashedPwd)){
					usersCollection.update(
						{
							"email": req.user.email
						},
						{
							$set: {
								"password": authUtil.generateHash(updatedUser.newPassword)
							}
						}, function(err, result) {
							if(err)
								res.json({"status": "ERROR", "msg": "Oops, there was an error"});
							res.json(result);
						}
					);
				} else {
					res.json({"status": "ERROR", "msg": "Wrong password"});
				}
			}
		});
	});

	app.get('/api/dda/ratekey/sync', authUtil.isLoggedIn, function(req, res, next) {
		request.get({url:  ddaBaseURL + '/ratekey', json:true, timeout: 5000}, function (error, response, body) {
			if (error){
				next(error);
			} else {
				if (!error && response.statusCode == 200) {
					var rateKeyList = body.returnObject;
					rateKeysCollection.remove({}, function(err, results){
						if (err)
							res.json({"status": "ERROR", "msg": "Oops, there was an error"});
						rateKeysCollection.insert(rateKeyList ,function(err, results){
							if (err)
								next(err);
							res.json(results);
						});
					});
				}
			}
		});
	});

	app.get('/api/dda/ratekey/get', authUtil.isLoggedIn, function(req, res, next) {
		rateKeysCollection.find().toArray(function(err, results) {
			if (err){
				next(err);
			}
			res.json(results);
		});
	});

	app.post('/api/dda/ratekey/insert', authUtil.isLoggedIn, function(req, res, next) {
		request.put({url:  ddaBaseURL + '/ratekey', json:true, body: req.body, timeout: 5000}, function (error, response, resBody) {
			if (error || !resBody){
				next(error);
			}
			else if (resBody.status !== "SUCCESS"){
				res.json(resBody);
			}
			else if (response.statusCode == 200) {
				var rateKey = resBody.returnObject;
				rateKeysCollection.insert(rateKey ,function(err, results){
					if (err)
						next(err);
					res.json(results[0]);
				});
			}
		});
	});

	app.post('/api/dda/ratekey/update', authUtil.isLoggedIn, function(req, res, next) {
		request.post({url: ddaBaseURL + '/ratekey', json:true, body: req.body, timeout: 5000}, function (error, response, resBody) {
			if (error || !resBody){
				next(error);
			}
			else if (resBody.status !== "SUCCESS"){
				res.json(resBody);
			}
			else if (response.statusCode == 200) {
				var rateKey = resBody.returnObject;
				rateKeysCollection.update({wrapKeyId: rateKey.wrapKeyId, wrapInsLineCd: rateKey.wrapInsLineCd}, rateKey ,function(err, results){
					if (err)
						next(err);
					res.json(rateKey);
				});
			}
		});
	});
	
	app.post('/api/dda/ratekey/delete', authUtil.isLoggedIn, function(req, res, next) {
		request.del({url: ddaBaseURL + '/ratekey', json:true, body: req.body, timeout: 5000}, function (error, response, resBody) {
			if (error || !resBody){
				next(error);
			}
			else if (resBody.status !== "SUCCESS"){
				res.json(resBody);
			}
			else if (response.statusCode == 200) {
				var rateKey = req.body;
				rateKeysCollection.remove({
					wrapKeyId: rateKey.wrapKeyId, 
					wrapInsLineCd: rateKey.wrapInsLineCd}, 
					function(err, results){
						if (err){
							next(err);
						}
						res.json(rateKey);
				});
			}
		});
	});

	/*app.get('/session/user', authUtil.isLoggedIn, function(req, res) {
		if (req.isAuthenticated() && req.user.role === "USER")
			res.json(req.user);
		// if they aren't redirect them to the home page
		else
			res.json({msg:"Unauthenticated"});
	});*/
};